[people/stevee/network.git] / hooks / zones / pppoe

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-zone

# TODO XXX AC name, service name, sync?

HOOK_SETTINGS="HOOK AUTH LINKNAME USER SECRET PEERDNS DEFAULTROUTE MTU"

AUTH=
DEFAULTROUTE=1
IPV6=1
LINKNAME="$(uuid)"
MTU=1492
PEERDNS=1
SECRET=
USER=

PPPOE_ALLOWED_AUTHS="chap pap"
PPPOE_PLUGIN="rp-pppoe.so"

function pppd_pid() {
	local zone=${1}
	shift

	cat /var/run/${zone}.pid 2>/dev/null
}

function _check() {
	assert isset USER
	assert isset SECRET
	assert isset LINKNAME
	assert isset DEFAULTROUTE
	assert isset PEERDNS
	#assert isset DEVICE
	#assert isset DEVICE_TYPE

	assert isbool DEFAULTROUTE
	assert isbool IPV6
	assert isbool PEERDNS
	#assert ismac DEVICE
	#assert isoneof DEVICE_TYPE real virtual

	local ports_num=$(listlength ${PORTS})
	assert isoneof ports_num 0 1

	isset AUTH && assert isoneof AUTH ${PPPOE_ALLOWED_AUTHS}
	isset DEVICE_ID && assert isinteger DEVICE_VID
}

function _parse_cmdline() {
	local value

	while [ $# -gt 0 ]; do
		case "$1" in
			--user=*)
				USER=${1#--user=}
				;;
			--secret=*)
				SECRET=${1#--secret=}
				;;
			--linkname=*)
				LINKNAME=${1#--name=}
				;;
			--mtu=*)
				MTU=${1#--mtu=}
				;;
			--defaultroute=*)
				value=${1#--defaultroute=}
				if enabled value; then
					DEFAULTROUTE=1
				else
					DEFAULTROUTE=0
				fi
				;;
			--dns=*)
				value=${1#--dns=}
				if enabled value; then
					PEERDNS=1
				else
					PEERDNS=0
				fi
				;;
			--auth=*)
				AUTH=${1#--auth=}
				;;
			--ipv6=*)
				IPV6=${1#--ipv6=}
				;;
			*)
				echo "Unknown option: $1" >&2
				exit ${EXIT_ERROR}
				;;
		esac
		shift
	done
}

function _up() {
	local zone=${1}
	shift

	assert isset zone

	zone_config_read ${zone}

	local port=$(zone_get_ports ${zone})

	assert isset port

	if ! port_exists ${port}; then
		error_log "Parent device '${port}' does not exist. Cannot bring up zone '${zone}'."
		exit ${EXIT_ERROR}
	fi

	# Creating necessary files
	# XXX must be PPP_RUN
	[ -d "${RED_RUN}/${LINKNAME}" ] || mkdir -p ${RED_RUN}/${LINKNAME}

	# Setting up the device
	zone_ports_up ${zone}

	ppp_secret "${USER}" "${SECRET}"

	# XXX AC and service on plugin command line

	cat <<EOF >${RED_RUN}/${LINKNAME}/options
# Naming options
ifname ${zone}
name ${LINKNAME}
linkname ${LINKNAME}

plugin ${PPPOE_PLUGIN} ${port}

# Enable/disable IPv6
$(enabled IPV6 && echo "+" || echo "-")ipv6

# User configuration
user ${USER}

$(enabled PEERDNS && echo "usepeerdns")
$(enabled DEFAULTROUTE && echo "defaultroute")

noauth
$(isset AUTH && echo "require-${AUTH}")

noipdefault

# Maximum transmission/receive unit
mtu ${MTU}
mru ${MTU}

# Disable the compression
noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe

updetach debug
EOF

	pppd_exec file ${RED_RUN}/${LINKNAME}/options

	local ret=$?

	# Get exit code from ppp daemon and handle it:
	case "${ret}" in
		0)
			log DEBUG "pppd detached successfully"
			exit ${EXIT_OK}
			;;
		19)
			log ERROR "Authentication failed. Maybe user and/or secret is/are incorrect."
			exit ${EXIT_ERROR}
			;;
	esac

	error_log "pppd exited with unknown exit code '${ret}'"

	exit ${EXIT_ERROR}
}

function _down() {
	local zone=${1}
	shift

	# Kill pppd
	# XXX very ugly
	kill $(pppd_pid ${zone}) &>/dev/null

	zone_ports_down ${zone}

	exit ${EXIT_OK}
}

function _discover() {
	local device=${1}

	if [ "$(device_get_type ${device})" != "real" ]; then
		exit ${EXIT_ERROR}
	fi

	local output
	output=$(pppoe-discovery -I ${device} -U $(uuid) 2>&1)

	# Exit if there was not output
	[ -z "${output}" ] && exit ${DISCOVER_ERROR}

	# Exit if PADI timed out
	grep -q "Timeout" <<<${output} && exit ${DISCOVER_ERROR}

	local ac
	while read line; do
		case "${line}" in
			Access-Concentrator:*)
				ac="${line#Access-Concentrator: }"
				;;
		esac
	done <<<"${output}"

	echo "ACCESS_CONCENTRATOR=\"$ac\""

	exit ${DISCOVER_OK}
}

function _status() {
	local zone=${1}
	assert isset zone

	cli_device_headline ${zone}

	zone_config_read ${zone}

	cli_headline 2 "Configuration"
	cli_print_fmt1 2 "User" "${USER}"
	cli_print_fmt1 2 "Secret" "<hidden>"
	cli_space

	enabled IPV6 &>/dev/null
	local ipv6_enabled=$?
	cli_print_fmt1 2 "IPv6?" "$(cli_print_bool ${ipv6_enabled})"

	cli_headline 2 "Ports"
	zone_ports_status ${zone}
	if [ -z "$(zone_get_ports ${zone})" ]; then
		cli_print_warning "No ports attached. Won't be able to start."
		cli_space
	fi

	# Exit if zone is down
	if ! zone_is_up ${zone}; then
		echo # Empty line
		exit ${EXIT_ERROR}
	fi

	# XXX display time since connection started

	cli_headline 2 "Point-to-Point-over-Ethernet protocol"
	local proto
	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
		routing_db_exists ${zone} ${proto} || continue

		local headline
		case "${proto}" in
			ipv6)
				headline="Internet Protocol Version 6"
				;;
			ipv4)
				headline="Internet Protocol Version 4"
				;;
			*)
				headline="Unkown protocol"
				;;
		esac
		cli_headline 3 "${headline}"

		cli_print_fmt1 3 "IP address"  "$(routing_db_get ${zone} ${proto} local-ip-address)"
		cli_print_fmt1 3 "Gateway"     "$(routing_db_get ${zone} ${proto} remote-ip-address)"
		cli_print_fmt1 3 "DNS servers" "$(routing_db_get ${zone} ${proto} dns)"
		cli_space
		cli_print_fmt1 3 "MAC-Remote"  "$(routing_db_get ${zone} ${proto} remote-address)"
		cli_space
	done

	exit ${EXIT_OK}
}

function _port_add() {
	local zone=${1}
	local port=${2}
	shift 2

	if [ $(listlength $(zone_get_ports ${zone})) -ge 1 ]; then
		error "This hook only supports one port at a time."
		error "Please remove any existant port(s) and try again."
		exit ${EXIT_ERROR}
	fi

	_port_cmd add ${zone} ${port} $@

	exit ${EXIT_OK}
}
Commit	Line	Data
1848564d MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
f41fa3d7	22	. /usr/lib/network/header-zone
1848564d	23
943e3f7e	24	# TODO XXX AC name, service name, sync?
1848564d	25
943e3f7e	26	HOOK_SETTINGS="HOOK AUTH LINKNAME USER SECRET PEERDNS DEFAULTROUTE MTU"
1848564d MT	27
	28	AUTH=
	29	DEFAULTROUTE=1
201b7dff	30	IPV6=1
1848564d MT	31	LINKNAME="$(uuid)"
	32	MTU=1492
	33	PEERDNS=1
	34	SECRET=
	35	USER=
	36
	37	PPPOE_ALLOWED_AUTHS="chap pap"
	38	PPPOE_PLUGIN="rp-pppoe.so"
	39
261132f9 MT	40	function pppd_pid() {
	41	local zone=${1}
	42	shift
	43
	44	cat /var/run/${zone}.pid 2>/dev/null
	45	}
	46
1848564d MT	47	function _check() {
	48	assert isset USER
	49	assert isset SECRET
	50	assert isset LINKNAME
	51	assert isset DEFAULTROUTE
	52	assert isset PEERDNS
711ffac1 MT	53	#assert isset DEVICE
711ffac1 MT	54	#assert isset DEVICE_TYPE
1848564d MT	55
1848564d MT	56	assert isbool DEFAULTROUTE
201b7dff	57	assert isbool IPV6
1848564d	58	assert isbool PEERDNS
711ffac1 MT	59	#assert ismac DEVICE
	60	#assert isoneof DEVICE_TYPE real virtual
	61
	62	local ports_num=$(listlength ${PORTS})
	63	assert isoneof ports_num 0 1
1848564d MT	64
	65	isset AUTH && assert isoneof AUTH ${PPPOE_ALLOWED_AUTHS}
	66	isset DEVICE_ID && assert isinteger DEVICE_VID
	67	}
	68
	69	function _parse_cmdline() {
711ffac1 MT	70	local value
711ffac1 MT	71
1848564d MT	72	while [ $# -gt 0 ]; do
	73	case "$1" in
	74	--user=*)
	75	USER=${1#--user=}
	76	;;
	77	--secret=*)
	78	SECRET=${1#--secret=}
	79	;;
	80	--linkname=*)
	81	LINKNAME=${1#--name=}
	82	;;
	83	--mtu=*)
	84	MTU=${1#--mtu=}
	85	;;
711ffac1 MT	86	--defaultroute=*)
	87	value=${1#--defaultroute=}
	88	if enabled value; then
	89	DEFAULTROUTE=1
	90	else
	91	DEFAULTROUTE=0
	92	fi
1848564d	93	;;
711ffac1 MT	94	--dns=*)
	95	value=${1#--dns=}
	96	if enabled value; then
	97	PEERDNS=1
	98	else
	99	PEERDNS=0
	100	fi
1848564d MT	101	;;
	102	--auth=*)
	103	AUTH=${1#--auth=}
	104	;;
201b7dff MT	105	--ipv6=*)
	106	IPV6=${1#--ipv6=}
	107	;;
1848564d MT	108	*)
	109	echo "Unknown option: $1" >&2
	110	exit ${EXIT_ERROR}
	111	;;
	112	esac
	113	shift
	114	done
1848564d MT	115	}
	116
	117	function _up() {
	118	local zone=${1}
	119	shift
	120
711ffac1 MT	121	assert isset zone
	122
	123	zone_config_read ${zone}
	124
943e3f7e MT	125	local port=$(zone_get_ports ${zone})
	126
	127	assert isset port
	128
	129	if ! port_exists ${port}; then
	130	error_log "Parent device '${port}' does not exist. Cannot bring up zone '${zone}'."
711ffac1 MT	131	exit ${EXIT_ERROR}
711ffac1 MT	132	fi
1848564d	133
1848564d	134	# Creating necessary files
711ffac1	135	# XXX must be PPP_RUN
1848564d MT	136	[ -d "${RED_RUN}/${LINKNAME}" ] \|\| mkdir -p ${RED_RUN}/${LINKNAME}
	137
	138	# Setting up the device
943e3f7e	139	zone_ports_up ${zone}
1848564d MT	140
	141	ppp_secret "${USER}" "${SECRET}"
	142
711ffac1 MT	143	# XXX AC and service on plugin command line
711ffac1 MT	144
1848564d	145	cat <<EOF >${RED_RUN}/${LINKNAME}/options
5b20e43a	146	# Naming options
1848564d MT	147	ifname ${zone}
	148	name ${LINKNAME}
	149	linkname ${LINKNAME}
5b20e43a	150
943e3f7e	151	plugin ${PPPOE_PLUGIN} ${port}
5b20e43a	152
201b7dff MT	153	# Enable/disable IPv6
	154	$(enabled IPV6 && echo "+" \|\| echo "-")ipv6
	155
5b20e43a MT	156	# User configuration
	157	user ${USER}
	158
1848564d MT	159	$(enabled PEERDNS && echo "usepeerdns")
1848564d MT	160	$(enabled DEFAULTROUTE && echo "defaultroute")
5b20e43a MT	161
5b20e43a MT	162	noauth
1848564d	163	$(isset AUTH && echo "require-${AUTH}")
5b20e43a MT	164
	165	noipdefault
	166
	167	# Maximum transmission/receive unit
	168	mtu ${MTU}
	169	mru ${MTU}
	170
	171	# Disable the compression
1848564d	172	noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe
5b20e43a	173
71c6b131	174	updetach debug
5b20e43a	175	EOF
5b20e43a	176
711ffac1	177	pppd_exec file ${RED_RUN}/${LINKNAME}/options
1848564d	178
da453c33 MT	179	local ret=$?
	180
	181	# Get exit code from ppp daemon and handle it:
	182	case "${ret}" in
	183	0)
	184	log DEBUG "pppd detached successfully"
	185	exit ${EXIT_OK}
	186	;;
2c973348 MT	187	19)
	188	log ERROR "Authentication failed. Maybe user and/or secret is/are incorrect."
	189	exit ${EXIT_ERROR}
	190	;;
da453c33 MT	191	esac
	192
	193	error_log "pppd exited with unknown exit code '${ret}'"
	194
	195	exit ${EXIT_ERROR}
1848564d MT	196	}
	197
	198	function _down() {
	199	local zone=${1}
	200	shift
	201
1848564d	202	# Kill pppd
711ffac1	203	# XXX very ugly
261132f9	204	kill $(pppd_pid ${zone}) &>/dev/null
1848564d	205
943e3f7e	206	zone_ports_down ${zone}
1848564d MT	207
	208	exit ${EXIT_OK}
	209	}
	210
	211	function _discover() {
	212	local device=${1}
	213
	214	if [ "$(device_get_type ${device})" != "real" ]; then
5b20e43a	215	exit ${EXIT_ERROR}
1848564d MT	216	fi
	217
	218	local output
	219	output=$(pppoe-discovery -I ${device} -U $(uuid) 2>&1)
	220
	221	# Exit if there was not output
	222	[ -z "${output}" ] && exit ${DISCOVER_ERROR}
	223
	224	# Exit if PADI timed out
	225	grep -q "Timeout" <<<${output} && exit ${DISCOVER_ERROR}
	226
	227	local ac
	228	while read line; do
	229	case "${line}" in
	230	Access-Concentrator:*)
	231	ac="${line#Access-Concentrator: }"
	232	;;
	233	esac
	234	done <<<"${output}"
	235
	236	echo "ACCESS_CONCENTRATOR=\"$ac\""
	237
	238	exit ${DISCOVER_OK}
	239	}
5b20e43a	240
8eadf1da MT	241	function _status() {
8eadf1da MT	242	local zone=${1}
711ffac1 MT	243	assert isset zone
711ffac1 MT	244
3cb2fc42	245	cli_device_headline ${zone}
8eadf1da	246
711ffac1 MT	247	zone_config_read ${zone}
711ffac1 MT	248
3cb2fc42 MT	249	cli_headline 2 "Configuration"
	250	cli_print_fmt1 2 "User" "${USER}"
	251	cli_print_fmt1 2 "Secret" "<hidden>"
	252	cli_space
	253
	254	enabled IPV6 &>/dev/null
	255	local ipv6_enabled=$?
	256	cli_print_fmt1 2 "IPv6?" "$(cli_print_bool ${ipv6_enabled})"
	257
	258	cli_headline 2 "Ports"
943e3f7e MT	259	zone_ports_status ${zone}
943e3f7e MT	260	if [ -z "$(zone_get_ports ${zone})" ]; then
3cb2fc42 MT	261	cli_print_warning "No ports attached. Won't be able to start."
3cb2fc42 MT	262	cli_space
943e3f7e	263	fi
711ffac1	264
8eadf1da MT	265	# Exit if zone is down
	266	if ! zone_is_up ${zone}; then
	267	echo # Empty line
	268	exit ${EXIT_ERROR}
	269	fi
	270
711ffac1 MT	271	# XXX display time since connection started
711ffac1 MT	272
3cb2fc42	273	cli_headline 2 "Point-to-Point-over-Ethernet protocol"
201b7dff MT	274	local proto
	275	for proto in ${IP_SUPPORTED_PROTOCOLS}; do
	276	routing_db_exists ${zone} ${proto} \|\| continue
3cb2fc42 MT	277
	278	local headline
	279	case "${proto}" in
	280	ipv6)
	281	headline="Internet Protocol Version 6"
	282	;;
	283	ipv4)
	284	headline="Internet Protocol Version 4"
	285	;;
	286	*)
	287	headline="Unkown protocol"
	288	;;
	289	esac
	290	cli_headline 3 "${headline}"
	291
	292	cli_print_fmt1 3 "IP address" "$(routing_db_get ${zone} ${proto} local-ip-address)"
	293	cli_print_fmt1 3 "Gateway" "$(routing_db_get ${zone} ${proto} remote-ip-address)"
	294	cli_print_fmt1 3 "DNS servers" "$(routing_db_get ${zone} ${proto} dns)"
	295	cli_space
	296	cli_print_fmt1 3 "MAC-Remote" "$(routing_db_get ${zone} ${proto} remote-address)"
	297	cli_space
201b7dff	298	done
3cb2fc42	299
8eadf1da MT	300	exit ${EXIT_OK}
	301	}
	302
711ffac1 MT	303	function _port_add() {
	304	local zone=${1}
	305	local port=${2}
	306	shift 2
	307
943e3f7e MT	308	if [ $(listlength $(zone_get_ports ${zone})) -ge 1 ]; then
	309	error "This hook only supports one port at a time."
	310	error "Please remove any existant port(s) and try again."
711ffac1 MT	311	exit ${EXIT_ERROR}
	312	fi
	313
943e3f7e	314	_port_cmd add ${zone} ${port} $@
711ffac1 MT	315
	316	exit ${EXIT_OK}
	317	}